interface: keep the viewcode in the urls

The change of the user's data as well as the change of the password has been transferred to the Angular user profile. * Removes the "edit my profile" menu entry. * Removes the "Change password" menu entry. * Closes #2000. * Closes #2195. Co-Authored-by: Bertrand Zuchuat <[email protected]>
rero · Feb 10, 2022 · a965543 · a965543
1 parent 293ea0f
commit a965543
Show file tree

Hide file tree

Showing 12 changed files with 141 additions and 55 deletions.
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -61,7 +61,7 @@ redisbeat = "*"
 jsonpickle = ">=1.4.1"
 ciso8601 = "*"
 # TODO: to be removed when the thumbnail will be refactored
-invenio-userprofiles = {git = "https://github.com/rero/invenio-userprofiles.git", rev = "v1.2.1-rero1.0"}
+invenio-userprofiles = {git = "https://github.com/rero/invenio-userprofiles.git", rev = "41d2b471cde1a93f660ba7bf0037ee3fb80b65fc"}
 
 ## Additionnal constraints on python modules
 flask-wiki = {git = "https://github.com/rero/flask-wiki.git", tag = "v0.0.1"}

diff --git a/rero_ils/config.py b/rero_ils/config.py
@@ -257,6 +257,18 @@ def _(x):
 #: proxies) removes these headers again before sending the response to the
 #: client. Set to False, in case of doubt.
 ACCOUNTS_USERINFO_HEADERS = False
+
+#: User profile
+RERO_PUBLIC_USERPROFILES_READONLY = False
+RERO_PUBLIC_USERPROFILES_READONLY_FIELDS = [
+    'first_name',
+    'last_name',
+    'birth_date'
+]
+
+#: USER PROFILES
+USERPROFILES_READ_ONLY = False;
+
 # Disable User Profiles
 USERPROFILES = True
 USERPROFILES_COUNTRIES = get_profile_countries

diff --git a/rero_ils/modules/ill_requests/templates/rero_ils/ill_request_form.html b/rero_ils/modules/ill_requests/templates/rero_ils/ill_request_form.html
@@ -27,7 +27,7 @@ <h4 class="alert-heading">{{ _('Caution!') }}</h4>
     <p class="mb-0">{{ _('A well detailed request is more likely to be satisfied') }}</p>
   </div>
 
-  <form id="ill-public-form" action="{{ url_for('ill_requests.ill_request_form') }}" method="POST" class="form" role="form" novalidate>
+  <form id="ill-public-form" action="{{ url_for('ill_requests.ill_request_form', viewcode=viewcode) }}" method="POST" class="form" role="form" novalidate>
     {{ form.hidden_tag() }}
     {%- if form.csrf_token and form.csrf_token.errors %}
       <div class="alert alert-danger" role="alert">

diff --git a/rero_ils/modules/ill_requests/views.py b/rero_ils/modules/ill_requests/views.py
@@ -35,16 +35,16 @@
 blueprint = Blueprint(
     'ill_requests',
     __name__,
-    url_prefix='/ill_requests',
+    url_prefix='/<string:viewcode>',
     template_folder='templates',
     static_folder='static',
 )
 
 
-@blueprint.route('/create/', methods=['GET', 'POST'])
+@blueprint.route('/ill_requests/create/', methods=['GET', 'POST'])
 @check_user_is_authenticated(redirect_to='security.login')
 @check_logged_as_patron
-def ill_request_form():
+def ill_request_form(viewcode):
     """Return professional view."""
     form = ILLRequestForm(request.form)
     # pickup locations selection are based on app context then the choices
@@ -73,6 +73,8 @@ def get_patron(location_pid):
             _('The request has been transmitted to your library.'),
             'success'
         )
-        return redirect(url_for('patrons.profile', tab='ill_request'))
+        return redirect(url_for(
+            'patrons.profile', viewcode=viewcode, tab='ill_request'))
 
-    return render_template('rero_ils/ill_request_form.html', form=form)
+    return render_template('rero_ils/ill_request_form.html',
+                           form=form, viewcode=viewcode)
diff --git a/rero_ils/modules/patrons/templates/rero_ils/patron_profile.html b/rero_ils/modules/patrons/templates/rero_ils/patron_profile.html
@@ -24,7 +24,7 @@
 {%- endblock css %}
 
 {%- block body %}
-<public-patron-profile language="{{ current_i18n.locale.language[:2] }}"></public-patron-profile>
+<public-patron-profile language="{{ current_i18n.locale.language[:2] }}" viewcode="{{ viewcode }}"></public-patron-profile>
 {%- endblock body %}
 
 {%- block javascript %}

diff --git a/rero_ils/modules/patrons/views.py b/rero_ils/modules/patrons/views.py
@@ -132,7 +132,13 @@ def logged_user():
             ),
             'librarianRoles': current_app.config.get(
                 'RERO_ILS_LIBRARIAN_ROLES', []
-            )
+            ),
+            'userProfile': {
+                'readOnly': current_app.config.get(
+                    'RERO_PUBLIC_USERPROFILES_READONLY', False),
+                'readOnlyFields': current_app.config.get(
+                    'RERO_PUBLIC_USERPROFILES_READONLY_FIELDS', []),
+            }
         }
     }
     if not current_user.is_authenticated:
@@ -168,9 +174,7 @@ def logged_user():
     return jsonify(data)
 
 
-@blueprint.route('/global/patrons/profile', defaults={'viewcode': 'global'},
-                 methods=['GET', 'POST'])
-@blueprint.route('/<string:viewcode>/patrons/profile')
+@blueprint.route('/<string:viewcode>/patrons/profile', methods=['GET', 'POST'])
 @check_logged_as_patron
 @register_menu(
     blueprint,
@@ -185,7 +189,7 @@ def logged_user():
 )
 def profile(viewcode):
     """Patron Profile Page."""
-    return render_template('rero_ils/patron_profile.html')
+    return render_template('rero_ils/patron_profile.html', viewcode=viewcode)
 
 
 @blueprint.app_template_filter('format_currency')

diff --git a/rero_ils/modules/users/api.py b/rero_ils/modules/users/api.py
@@ -69,6 +69,11 @@ def __init__(self, user):
         """User class initializer."""
         self.user = user
 
+    @property
+    def id(self):
+        """Get user id."""
+        return self.user.id
+
     @classmethod
     def create(cls, data, **kwargs):
         """User record creation.

diff --git a/rero_ils/modules/users/views.py b/rero_ils/modules/users/views.py
@@ -22,10 +22,12 @@
 import json
 from functools import wraps
 
-from flask import request
+from flask import abort, request
+from flask_login import current_user
 from invenio_rest import ContentNegotiatedMethodView
 
 from .api import User
+from ...modules.patrons.api import current_librarian
 from ...permissions import login_and_librarian
 
 
@@ -42,6 +44,24 @@ def is_logged_librarian(*args, **kwargs):
     return is_logged_librarian
 
 
+def check_user_permission(fn):
+    """Decorate to check permission access.
+
+    The access is allow when the connected user is a librarian or
+    the user id is the same of the id argument.
+    """
+    @wraps(fn)
+    def is_logged(*args, **kwargs):
+        """Decorated view."""
+        if not current_user.is_authenticated:
+            abort(401)
+        if not current_librarian and 'id' in kwargs \
+                and current_user.id != int(kwargs.get('id')):
+            abort(401)
+        return fn(*args, **kwargs)
+    return is_logged
+
+
 class UsersResource(ContentNegotiatedMethodView):
     """User REST resource."""
 
@@ -67,13 +87,13 @@ def __init__(self, **kwargs):
             **kwargs
         )
 
-    @check_permission
+    @check_user_permission
     def get(self, id):
         """Implement the GET."""
         user = User.get_by_id(id)
         return user.dumps()
 
-    @check_permission
+    @check_user_permission
     def put(self, id):
         """Implement the PUT."""
         user = User.get_by_id(id)
@@ -106,7 +126,7 @@ def __init__(self, **kwargs):
             **kwargs
         )
 
-    @check_permission
+    @check_user_permission
     def get(self):
         """Get user info for the professionnal view."""
         email_or_username = request.args.get('q', None).strip()
@@ -131,7 +151,9 @@ def get(self):
             user = User.get_by_username_or_email(email_or_username)
         if not user:
             return hits
-        data = user.dumps()
+        # if librarian: send all user data
+        # if patron: send only the user id
+        data = user.dumps() if current_librarian else {'id': user.id}
         hits['hits']['hits'].append(data)
         hits['hits']['total']['value'] = 1
         return hits